Are Interactive Investor responsible for £15,000+ LOSS

Hi,

Iíve been with Interactive Investor online stockbrokerís for many years and have been paying them £20 per quarter administration charge.

Recently my iii online account was hacked, I donít know how. But shares were sold and £15,000+ was transferred from it, to an account in my name which does not belong to me and is not at my address. I have done a free credit report from CreditExpert and this does not show any new bank accounts being opened in my name.

The fraud was reported to Interactive Investor and the Police as soon as I was aware of it, just 6 days after it happened. However the Police have not found the criminals and have closed the case. Interactive Investor now says that I have to take this loss myself and are sorry that I have been the victim of id fraud.

My question is what can I do now and what FSA rules are there which protect individuals, when a financial institution fails to check the validity of where large sums of money are being transferred.

You have obviously been subject to a fraudulent transaction. III ought to be able to do more, but if they refuse, then I would be inclined to take the matter to the Financial Ombudsman and the FSCS. There has to be an audit trail, and the route by which the fraudulent transaction was made should be traceable. Surely III are responsible for ensuring the security of their systems.

Not sure how Hackers got hold of my iii account details and password. I have never given or written down my Interactive Investor account details or password. I have Kaspersky 2012 on my home PC, ran full scan and nothing was found.

iii say that banking details on my account were changed and money was transferred by two different transaction from the account at different times on the same day. Surely this should have raised some red flags on their systems. This was not normal activity on my account which I have had with them for many years.

Also since they have an audit trail of where the money was transferred, should Interactive Investor not have pursued this with the Bank in question?. 6 days from the time of the fraud, is not that long, for them to have got in touch with this bank, rather than accepting that the police have closed the case.

I will be making a complaint to Financial Ombudsman.
However I am still very shocked at how easily Interactive Investor can leave the customer with a £15000+ loss,. Undeniably it is Interactive Investors lack of adequate security procedures and systems for checking and preventing fraud that have failed me.

First you need to assume that all of your accounts have been hacked and change all the passwords. Because your computer may have been hacked do not do this on it.

Second you need to take an accurate copy of your machine which can be analysed in future for evidential purposes. Find out what software the police use and use that.

To see how far the police have got (if anywhere) ask iii for the date time and IP address of those days the fraudulent transfers were made. Then ask the police for the same. Ask them if they've identified the computer that was used.

You were very unlucky if the hacker only selected you from all of their clients.

Go onto their forums and ask others, I mean was it a large breakdown in their security that they are keeping quiet about?

It is highly probable that the source of the required information was obtained at your home because I cannot see that their system would allow bank account details to be changed prior to a withdrawal, without it "ringing" bells?

Ran full scan using up-to-date Malwarebytes as suggested by Daytona2, it came back clean. Also I checked, all my accounts, including other online trading accounts and none of these have been hacked.

It was my Bank which first alerted me to this fraud, when a request from my Interactive Investor account was made for a large transfer to it. If it had not been for the Banks fraud detection systems and prompt action (and greediness of the Hackers), I would almost certainly have had my whole Interactive Investor account cleaned out.

Surely the quickest way to get these criminal(s) is for Interactive Investor/Police to contact the Bank where the money was transferred?. Since this is the avenue by which money was taken. I donít understand why this has not already been done, as this is the first thing I would have done . Rather than them looking for IP addresses and trying to identify the computer that was used. This could be done once the criminals are caught.

You could serve a data subject access request on iii and to prevent any possible delay from them retrieving all your transactions from archive specify that you'd like information on the transactions for the date in question.

I feel that they're being evasive and dishonest in not already giving you this information, which could be grounds for suspicion in itself. Given this, it appears as if it's up to you to ask sensible questions of them and to do this you need basic information.

You could also serve a data subject access request on the police to see what information they have.